• United States

Have identity, will travel

Apr 12, 20043 mins
Access ControlEnterprise Applications

* The benefits of federated identity

I was in Sydney, Australia last week for Marcus Evans’ Identity and Access Management Conference. There I listened to a number of people talk about projects they’ve done or have planned and I heard industry spokespeople talk about products and protocols. But the most memorable comment, to me, came from Peter F. Wilson, who is retired from the Australian Tax Office where he was charged with implementing e-business and commerce.

He spoke on the topic of why federated identity was important to today’s enterprise. We were teamed, in fact. I opened by defining Federated Identity, explaining the Liberty Alliance, Shiboleth, WS-Federation, SAML and all the other ingredients we try to blend into a federation scheme. This, too, only a day after General Motors’ Richard Taggart, the vice president of Liberty Alliance, had kicked off the whole conference with a full tour of the Liberty landscape.

Wilson chose not to concentrate on the latest rev of the newest standard, though. Rather, I was struck when he reminded the audience that, “everything old is new again.” His point was that it isn’t always necessary to reinvent the wheel; in fact, it’s hardly ever necessary. Instead, when planning something new examine the old ways and use what you can, modify if necessary and only invent something new when you absolutely have to. Tried and true methods and devices have one strong built-in advantage over newly created devices: They’ve been proven over time to work.

The example that immediately came to mind, not surprisingly, was identity federation, in particular authentication and authorization.

Tourism is a fairly recent invention for humanity. While people have traveled for thousands of years, it was usually done for business or conquest. The idea of traveling simply to see what’s on offer someplace else appears to have developed in England in the mid-19th century. But getting access to things in a foreign land, such as money, credit or admittance to view national treasures wasn’t particularly easy. No one in the foreign land knew who you were, so they didn’t trust you with their goods or services. Your money was worthless in this strange world and it was difficult to find somewhere to eat or sleep.

The first solutions were letters of credit and letters of introduction. Your bank would vouch for you to a foreign bank, allowing you to obtain money to use for expenses by means of a letter of credit. A letter of introduction from a prominent friend of yours to someone they might know would allow you to view the new country’s treasures. Unfortunately, not many people had friends influential enough to gain them entry to all the things they might wish to do in the foreign land. Still, people wanted to travel. And where people want to do something, someone will create a business model to do it for them. Come back next time and see how.